Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Sitecom WLM-3500 Backdoor Accounts Authentication Bypass vulnerability
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host is running Sitecom WLM-3500 Router and is prone to authentication bypass vulnerability.
Insight
Insight
Sitecom WLM-3500 routers contain an undocumented access backdoor that can be abused to bypass existing authentication mechanisms. These hard-coded accounts are persistently stored inside the device firmware image. Despite these users cannot access all the pages of the web interface, they can still access page '/romfile.cfg', the (clear-text) configuration file of the device that contains, among the other things, also the password for the 'admin' user. Thus, escalating to administrative privileges is trivial.
Affected Software
Affected Software
Sitecom WLM-3500, firmware versions < 1.07
Solution
Solution
Upgrade to Sitecom WLM-3500, firmware versions 1.07 or later.